Nobody talks to the network without valid credentials. Every reputation and payment event is attributable, non-repudiable, and verifiable by your own team — not because we promise it, but because the architecture makes it so.
The registry is deliberately small. The less it does and the less it sees, the smaller the attack surface for the operators that can't afford to fail.
mTLS between nodes and registry — nobody talks to the network without valid credentials.
Every reputation and payment event is attributable and non-repudiable.
Issued by the identity service; revocable instantly, network-wide.
The registry is deliberately small — the less it does and sees, the smaller the attack surface.
Identity is established before the first message, and carried by every message after it. There is no anonymous traffic on the network and no unsigned event in the record.
An event can't be altered or deleted retroactively. Cryptographic inclusion proofs let your team verify an event is authentic without trusting our word.Network layer · in build · roadmap
A reputation or payment record your team wants to confirm is authentic.
Confirm the issuing party signed it — attribution and non-repudiation in one step.
Prove the event sits in the append-only ledger, unaltered — without trusting our word.
Authentic or not — a judgement your team reaches on its own evidence.
Multi-region operation, isolation between the operation and network planes, and sensitive data kept out of the ledger by policy — backed by a security program sized for operators that can't fail.
A multi-region registry with isolation between planes — operation versus network — so a fault in one doesn't cross into the other.
Sensitive data is kept out of the ledger by policy. Access auditing and traceability of governance actions are built in, not bolted on.
A security program, penetration testing, and incident response appropriate to critical infrastructure — practiced, not merely documented.
| Stays in your node (yours) | What the registry sees (minimal) |
|---|---|
| Trip routes and passenger data | Driver identity and verification |
| Fares and local operating rules | Portable reputation (append-only ledger) |
| Local payments and card data | Signed payment events (hash + amount, no personal data) |
| Own-brand app and fleet | Cross-network routing and protocol versioning |
Build status. The network layer the registry, ledger, roaming and protocol carry is on the roadmap and shown as a target architecture, not a live service. The operation plane the node, apps, dispatch, payments and tracking is what ships today.
Specific certifications — for example ISO 27001 or SOC 2 — will be declared only once obtained or verifiably in progress. We claim none of them on this page.
What we will do is walk your security team through the architecture, the controls, and the verification model — under NDA where appropriate.
Attribution, non-repudiation, an append-only record, and inclusion proofs — designed so your team can confirm authenticity without trusting our word. We'll walk all of it, under NDA where it matters.
